bf-sonarqube-scanner
Advanced tools
sonarqube-scanner makes it very easy to trigger SonarQube
/ SonarCloud analyses on a JavaScript code base, without needing
to install any specific tool or (Java) runtime.
This module is analyzed on SonarCloud using itself:
This package is available on npm as: sonarqube-scanner
To add code analysis to your build files, simply add the package to your project dev dependencies:
npm install -D sonarqube-scanner
To install the scanner globally and be able to run analyses on the command line:
npm install -g sonarqube-scanner
Prerequisite: you've installed the package as a dev dependency.
The following example shows how to run an analysis on a JavaScript project using Gulp, and pushing the results to SonarCloud, the online code-analysis service based on SonarQube:
var gulp = require('gulp');
var sonarqubeScanner = require('sonarqube-scanner');
gulp.task('default', function(callback) {
sonarqubeScanner({
serverUrl : "https://sonarcloud.io",
token : "019d1e2e04eefdcd0caee1468f39a45e69d33d3f",
options : {
"sonar.organization": "my-org"
}
}, callback);
});
Syntax: sonarqube-scanner ( parameters, [callback] )
Arguments
parameters Map
serverUrl String (optional) The URL of the SonarQube server. Defaults to http://localhost:9000token String (optional) The token used to connect to the SonarQube server. Empty by default.options Map (optional) Used to pass extra parameters for the SonarQube analysis. See the official documentation for more details.callback Function (optional)
Callback (the execution of the analysis is asynchronous).Prerequisite: you've installed the package globally.
If you want to run an analysis without having to configure anything in the first place, simply run the sonar-scanner command. The following
example assumes that you have installed SonarQube locally:
cd my-project
sonar-scanner
Specifying properties/settings
package.json file in the folder, it will be read to feed the analysis with basic information (like project name or version)sonar-project.properties file in the folder, it will behave like the original SonarQube Scanner-Dsonar.xxx=yyy syntax
Example:
sonar-scanner -Dsonar.host.url=https://myserver.com -Dsonar.login=019d1e2e04e
You can install manually the standard SonarQube Scanner, which requires to have a Java Runtime Environment available too (Java 8+). Once this is done, you can replace the 2nd line of the example by:
var sonarqubeScanner = require('sonarqube-scanner').customScanner;
By default, SonarQube scanner binaries are downloaded from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/.
To use a custom mirror, set $SONAR_SCANNER_MIRROR.
Example:
export SONAR_SCANNER_MIRROR=https://npm.taobao.org/mirrors/sonar-scanner/
sonarqube-scanner is licensed under the LGPL v3 License.
FAQs
SonarQube/SonarCloud Scanner for the JavaScript world
The npm package bf-sonarqube-scanner receives a total of 5 weekly downloads. As such, bf-sonarqube-scanner popularity was classified as not popular.
We found that bf-sonarqube-scanner demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Next.js has patched a critical vulnerability (CVE-2025-29927) that allowed attackers to bypass middleware-based authorization checks in self-hosted apps.
Security News
A survey of 500 cybersecurity pros reveals high pay isn't enough—lack of growth and flexibility is driving attrition and risking organizational security.
Product
Socket, the leader in open source security, is now available on Google Cloud Marketplace for simplified procurement and enhanced protection against supply chain attacks.